All you need to know about Social Engineering


The face of Social Engineering
The face of Social Engineering

Simplesysadmin.info. If you concern about cyber security, you should knew about social engineering. Social engineering is a method relies on human interaction and psychological manipulation. It have several type of attacks depends on targer behavior.

Introduction of social engineering

 

Social engineering is an approach of attack that relies on human interaction and often concern to tricking people so they give up confidential information. Psychological manipulation is that something used, because it is very effective in gaining access to restricted information. People’s willingness to help each other or ther lack of knowledge which sources for exploitation in social engineering.

 

A social engineer works used to be called a “con game”.  Techniques that often used in social engineering are attract arrogance, attract authority and attract greed.

 

Social engineering can be non-technical attacks and don’t necessarily involve exploitation of systems or software. That’s why social engineering is one of the greatest security threats so far.

 

ReadCautions: A new malware spreads via the Facebook Messenger

 

The example of social engineering

 

The example is an email tells you to ‘verify’ some informations because it’s explains there is a problem. You need to click a link that provided and inputting the desired information. The link have logos and content looks like very real and valid, and also make you to trust this source by giving you the impression. The criminals may have email copied a company email exactly, so there is little difference between a valid Apple email, for example, and a fraudulent one.

Usually the email have warning message included of what will happen if you fail to act soon with these type of phising scams.

Phising on Social Engineering
Phising on Social Engineering

 

The types of social engineering attack :

 

  • Baiting

This type of attack is the attacker drop something in a place that intentionally want to be found. Usually the attacker drop a malwer-infected physical device, like USB flash drive. Then the finder collect the device and pluging it onto their computer. After that, the finder or the target accidentaly installing malware.

  • Phishing

When a hacker party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware.

  • Spear phishing

Spear phishing is like phishing, but tailored for a specific individual or organization.

  • Pretexting

Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.

  • Scareware

Scareware involves tricking the victim into thinking his computer is infected with malware or has inadvertently downloaded illegal content. The attacker then offers the victim a solution that will fix the bogus problem; in reality, the victim is simply tricked into downloading and installing the attacker’s malware.

  • Shoulder surfing

Shoulder surfing is using direct observation techniques, such as looking over someone’s shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it’s relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices.

 

ReadNever Too Early To Teaching Kids About CyberSecurity

 

How to prevent social engineering attacks

 

  • Slow down.

Spammers want you to act first and think later. If the message conveys a sense of urgency, or uses high-pressure sales tactics be skeptical; never let their urgency influence your careful review.

  • Research the facts.

Be suspicious of any unsolicited messages. If the email looks like it is from a company you use, do your own research. Use a search engine to go to the real company’s site, or a phone directory to find their phone number.

  • Delete any request for financial information or passwords.

If you get asked to reply to a message with personal information, it’s a scam.

  • Reject requests for help or offers of help.

Legitimate companies and organizations do not contact you to provide help. If you did not specifically request assistance from the sender, consider any offer to ’help’ restore credit scores, refinance a home, answer your question, etc., a scam. Similarly, if you receive a request for help from a charity or organization that you do not have a relationship with, delete it. To give, seek out reputable charitable organizations on your own to avoid falling for a scam.

  • Don’t let a link in control of where you land.

Stay in control by finding the website yourself using a search engine to be sure you land where you intend to land. Hovering over links in email will show the actual URL at the bottom, but a good fake can still steer you wrong.

 

Source:

https://www.cybrary.it/2017/08/cyber-fact-social-engineering/;

https://www.webroot.com/us/en/home/resources/tips/online-shopping-banking/secure-what-is-social-engineering;

All you need to know about Social Engineering


About Desianto Abdillah 31 Articles
My name is Desianto Abdillah. I am a System Administrator. My experience as SysAdmin no more than two years, but i realy like to share somethings that i just learned and i just done. I more familiar with Linux SysAdmin than others sysadmin's function. I have high enthusiasm in IT, especially in SysAdmin world.
  • Its really important to know about social engineering to control violations. i have also found one platform which offers you different courses related to Cyber Security